Saturday, December 16, 2006

Clearly it can happen anywhere at anytime...

http://www.colorado.edu/news/releases/2006/437.html

CU-Boulder Reports Security Breach In College Of Arts And Sciences Advising Computer

Dec. 15, 2006

University of Colorado at Boulder officials today announced that a server in the campus's Academic Advising Center was the subject of a computer attack.

CU-Boulder officials said they had begun the process of notifying 17,500 individuals that their personal information - including names and Social Security numbers - might have been exposed in the attack. CU-Boulder officials are continuing to determine the extent of information exposed.

Employees with CU-Boulder's Information Technology Services office discovered the attack on Dec. 8 and, following CU guidelines, began an investigation to determine how the system compromise occurred.

"The hacker apparently entered the server through a Web page," [The University apparently saw no reason not to connect the web page to this highly sensitive information... Bob] said Todd Gleeson, dean of CU-Boulder's College of Arts and Sciences, which houses the Academic Advising Center. "The information exposed contained the names and Social Security numbers of students who attended CU-Boulder orientation sessions from 2002 to 2004. We do not presently have any evidence that the data were actually accessed or used, and we are notifying the students affected."

In 2005, CU-Boulder ceased using Social Security numbers as administrative identifiers for faculty, staff, students and administrators. [“Screw everyone else!” Bob]

... Students who wish to know more about how to deal with identity theft can visit a special CU Web site at www.colorado.edu/its/security/awareness/privacy/identitytheft.pdf.



“Hey! You can't treat us like common citizens!” (I wonder what they are investigating, since they seem to know who sent the “racy e-mail.”) Any implications for “electronic discovery?”

http://www.al.com/newsflash/regional/index.ssf?/base/news-26/1166220599148850.xml&storylist=alabamanews

Morgan County officials balk at e-mail probe of hard drives

12/15/2006, 4:55 p.m. ET The Associated Press

DECATUR, Ala. (AP) — Morgan County's revenue commissioner locked her computer's hard drive in a vault and the sheriff denied access to his as some officials took issue with an e-mail investigation begun after a racy e-mail was forwarded to the mayor.

Revenue Commissioner Amanda Scott said personal information such as credit card numbers are on taxpayer records stored on hard drives.

County Commission Chairman pro tem Stacy George told The Decatur Daily in a story Friday that Sheriff Greg Bartlett had given different reasons for denying access. George said it changed from protecting homeland security information to protecting National Crime Information Center data.

George said the county's Emergency Management Agency director, Eddie Hicks, has homeland security information but did not buck the investigation.

"It looks suspicious when Mr. Hicks, who has all kinds of security information, is not worried about compromising information and the sheriff is," George said. [“If you're innocent, you have nothing to worry about!” Bob]

The commission called for an investigation after a racy e-mail was sent by the county's ex-human resources director, Jack Underwood, to Chairman John Glasscock, who forwarded it to Mayor Don Kyle. An attempt to exclude elected officials, department heads and political appointees from the probe was rejected by the commission.

Letters to George from various other officials and lawyers slowed the progress of a computer specialist hired by the commission to match the information on hard drives to information on the main server, which will show if erasures have occurred.

Probate Judge Bobby Day's attorney delivered a letter to George stating that Day did not mind the expert looking at e-mails on the main server but not on the probate office's hard drives. Day said certain records, such as adoptions, are not public.

Board of Registrars chairman Adonis Bailey sent George a letter stating the expert could look at information from that office on the server but not hard drives because she must protect voters' personal information, such as Social Security numbers.

Scott, who didn't send a letter, said she didn't mind the computer specialist looking at her hard drive in her office but she didn't want it copied and removed from the courthouse.

When Hannah and others went to get Bartlett's hard drive at the new jail complex, deputy Roger Smallwood told him that the sheriff would not release the hard drive.

"I am going to do whatever it takes to get Ms. Scott's hard drive and the sheriff's," George said.


Other articles add lots of spice, but no real understanding to this story...

http://www.decaturdaily.com/decaturdaily/news/061216/scott.shtml

E-mail scandal: Scott changes locks on office

By Sheryl Marsh smarsh@decaturdaily· 340-2437



Stupid programmer tricks... Policy should ensure that terminated employees can't access your computer system – or this could happen to you!

http://techdirt.com/articles/20061215/075239.shtml

Tip: When Leaving Your Job At An ISP, Don't Cancel All Its Customer Accounts

from the just-a-suggestion dept

It's no surprise that people who are leaving their jobs (especially to go work for a competitor) may have a certain dislike for their ex-employer -- but it's still amazing that people don't realize that attacking them isn't a particularly good idea. A former employee of a wireless ISP in Utah apparently logged back into the computers of his former employer (shame on them for leaving access open to the guy) and cut off customer accounts by reprogramming customer access points. There are plenty of cases detailing similar attacks on former employers -- but it's amazing that these people don't expect to get caught. In this latest case, not only was the guy caught, he's now been sentenced to two years in jail. Still, there are some oddities here. Apparently after the guy turned off service for these customers, it took up to three weeks to reprovision some of them. That seems like an excessively long time -- though, if the company left their computer network open to a former employee who left on bad terms, perhaps they weren't the most technically savvy ISP out there.



Even in the virtual world, it's “Location, location, location!”

http://techdirt.com/articles/20061215/080551.shtml

Distance Does Matter On The Internet, Sometimes

from the speed-of-light-not-fast-enough dept

Along with many other physical constraints, the internet can make distance or location irrelevant. Things like telecommuting mean that companies don't necessarily have to go where their employees are, though change in this regard has been somewhat slow. It's true in the financial industry, as New York is slowly losing its role as the only place for a financial company to locate. The CEO of online broker Ameritrade once colorfully noted that his company could be located in Zimbabwe, and it wouldn't matter (it happens to be located in Omaha). But there are some financial companies, whose businesses are also completely electronic, that are finding a need to be close to the financial centers. Traders and funds, whose strategy it is to take advantage of small arbitrage opportunities only available for an instant, have found that the milliseconds difference in trade execution time can make a big difference in terms of the effectiveness of their strategy. In fact, one building in New York that houses the main computer system for electronic trading is home to 40 companies that trade using this strategy. So while the internet can eliminate many physical constraints, the physical constraints on the internet itself can have a big impact for some lines of business.



If your strap breaks, resulting in the Wii destroying your new 60 inch plasma TV, you can get a new $3 strap absolutely free! (Think your homeowners policy covers it?)

http://www.infoworld.com/article/06/12/15/HNwiistraps_1.html?source=rss&url=http://www.infoworld.com/article/06/12/15/HNwiistraps_1.html

Nintendo to replace 3.2 million Wii straps

Nintendo made the move before any regulatory agency could step in

By Ben Ames, IDG News Service December 15, 2006

In an effort to duck criticism that its remote controllers can fly across the room when wrist straps break, Nintendo Co. Ltd. is offering free replacements for that part of its new Wii video gaming console.

Carefully avoiding the term "recall," Nintendo made the move before any regulatory agency could step in. The replacement could affect up to 3.2 million straps, according to the Associated Press. Nintendo did not return calls for comment.



Questions: What happens when they lose the data? Will the data be available to your heirs when you die?

http://www.eweek.com/article2/0,1759,2073628,00.asp?kc=EWRSS03119TX1K0000594

Berkeley Data Systems Unveils Unlimited Online Storage

By Chris Preimesberger December 15, 2006

Online data storage provider Berkeley Data Systems on Dec. 14 introduced Mozy Unlimited Backup, a new service that individuals can use to back up an unlimited amount of digital files—documents, photos, video—to a secure, multi-petabyte outside server.

The company offers the first 2GB of storage for no fee, and the unlimited backup—which includes an unlimited number of restores—costs $4.95 per month. Users may select month-to-month or annual payment plans.

Berkeley DS, based in American Fork, Utah, is making the unlimited storage offer available for individual users only at this time. The company expects to release a business version of the service in January.

"Since announcing our beta in April, we've grown to more than 100,000 users," said Berkeley DS founder and CEO Josh Coates.

... Mozy ("The name doesn't really mean anything, we just liked it," Coates said) now also offers consumers the option to order a copy of their data on DVD, shipped next-day air via FedEx.

Other features include private key encryption, custom backup scheduling, continuous backup options, bandwidth throttling, block level incremental backups, 30-day file version archives, support for files larger than 2GB, single-instance storage and automatic Microsoft Outlook file detection and backup.

Two-year-old Berkeley Data Systems has conducted more than 2.5 million backups in the past month alone. Currently, it has more than 450 million files stored in its high security center.




http://www.bespacific.com/mt/archives/013299.html

December 15, 2006

Nearly Half of our Lives Spent with TV, Radio, Internet, Newspapers

Press release: Nearly Half of our Lives Spent with TV, Radio, Internet, Newspapers, According to Census Bureau Publication, December 15, 2006.

  • "Adults and teens will spend nearly five months (3,518 hours) next year watching television, surfing the Internet, reading daily newspapers and listening to personal music devices. That’s only one of thousands of nuggets of information on Americana and the world in the U.S. Census Bureau's Statistical Abstract of the United States: 2007, released today."

Online and Buy-the-Book

"-- Among adults, 97 million Internet users sought news online in 2005, 92 million purchased a product and 91 million made a travel reservation. About 16 million used a social or professional networking site and 13 million created a blog. (Table 1139)
-- U.S. consumers are projected to spend $55.5 billion to purchase 3.17 billion books in 2007. (Tables 1118, 1119)"



Vive le frogs!

http://yro.slashdot.org/article.pl?sid=06/12/15/2234216&from=rss

HP's Windows Bundle Trouble

Posted by Zonk on Friday December 15, @07:21PM from the i'm-sorry-please-enter-your-option-again dept.

narramissic writes "A French consumer group has filed 3 lawsuits against HP, saying the company's practice of selling consumer PCs with Windows pre-installed violates a French law that 'prohibits linking the functionality of a product to another product' — not to mention that consumers wind up paying for an unwanted OS. For its part, HP contends that it is not in violation of the law because the OS is integral to the PC. 'The PC without an OS is not a product because it doesn't work,' said Alain Spitzmuller, legal affairs director for HP France. 'We believe the market is for products that work.'"



Some people know how to corner a market, others how to corner a competitor...

http://linux.slashdot.org/article.pl?sid=06/12/15/2055259&from=rss

Novell/Microsoft Deal Punishment for SCO?

Posted by Zonk on Friday December 15, @04:56PM from the stranger-things-have-happened dept.

An anonymous reader tipped us off to an article on the Information World site looking at the Novell/Microsoft deal from a new angle. Article author Tom Yager is of the opinion that the deal is Microsoft's punishment for throwing in with SCO. The very public announcement was made, in his opinion, as a stopgap measure against a future lawsuit on Novell's part.

From the article: "Novell has exhibited the patience and cunning of a trap door spider. It waited for SCO to taunt from too short a distance. Then Novell would spring, feed a little (saving plenty for later), inject some stupidity serum, and let SCO stride off still cocksure enough to make another run at the nest. That cycle is bleeding SCO, which was the last to notice its own terminal anemia. When it became clear that SCO wouldn't prevail, Microsoft expected only to face close partner IBM. Microsoft did not brace for Novell, an adversary with a decades-long score to settle with Redmond. Through discovery, Microsoft's correspondence with SCO is, or soon will be in, Novell's hands, and it's a safe bet that it will contain more than demand for a license fee and a copy of a certified check."



It is obvious, but no one would believe it until Harvard studied it.

http://hbswk.hbs.edu/item/5567.html

The Business of Free Software: Enterprise Incentives, Investment, and Motivation in the Open Source Community

Authors: Marco Iansiti and Gregory L. Richards Published: November 2006

Executive Summary:

IBM has contributed more than $1 billion to the development and promotion of the Linux operating system, and other vendors such as Sun are ramping up open source software efforts and investment. Why do information technology vendors that have traditionally sold proprietary software invest millions of dollars in OSS? Where have they chosen to invest, and what are the characteristics of the OSS projects to which they contribute? This study grouped OSS projects into clusters and identified IT vendors' motives in each cluster. Key concepts include:

* Cluster 1, the "money-driven cluster," consisted of projects that have received almost all of vendor investments. The eighteen projects in this cluster have received over $2 billion in investment.

* Cluster 2, the "community-driven cluster," has a large number of projects that have received almost no vendor investment. IT vendors have generally ignored projects in this cluster and appear to have no coordinated strategy for dealing with them.

* Examining the impact of projects in both clusters shows that vendors have not invested uniformly in high-impact OSS projects. Instead, vendors invest in projects that can serve to draw revenues to their own (largely proprietary) core business.



-.. .- -- -. // / .- -. --- - .... . .-. / ... -.- .. .-.. .-.. / --- -... ... --- .-.. . - . -.. //

http://science.slashdot.org/article.pl?sid=06/12/16/0915202&from=rss

FCC Drops Morse Code Requirement

Posted by Zonk on Saturday December 16, @05:18AM from the end-of-an-era dept.

leighklotz writes to mention a story discussing what some might consider a historic event. The FCC has dropped the Morse Testing requirement for amateur radio certifications. The public announcement was made on Friday. Ham radio operators will no longer have to study Morse, in a move patterned after other western nations. Says leighklotz: "The U.S. joins Canada and other countries in eliminating the morse code testing requirement, after being authorized to do so on July 5, 2003, when the World Radio Telecommunications Conference 2003 in Geneva adopted changes to the ITU Radio Regulations."



He said it, I didn't.

http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1165705809111&call_pageid=968867495754

A generation is all they need

One day we will all happily be implanted with microchips, and our every move will be monitored. The technology exists; the only barrier is society's resistance to the loss of privacy

Dec. 10, 2006. 08:46 AM KEVIN HAGGERTY SPECIAL TO THE STAR



http://www.heise-security.co.uk/articles/82481

Know-how 15.12.2006 14:46 Jürgen Schmidt

The hole trick

How Skype & Co. get round firewalls

Peer-to-peer software applications are a network administrator's nightmare. In order to be able to exchange packets with their counterpart as directly as possible they use subtle tricks to punch holes in firewalls, which shouldn't actually be letting in packets from the outside world.
